Stack Buffer Overflow in Zabbix Server/Proxy Code
CVE-2024-36468

3LOW

Key Information:

Vendor

Zabbix

Status
Zabbix
Vendor
CVE Published:
27 November 2024

What is CVE-2024-36468?

The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Zabbix 7.0.0 <= 7.0.2rc1

References

https://support.zabbix.com/browse/ZBX-25621

CVSS V3.1

Score:
3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

Credit

Zabbix wants to thank chamal for submitting this report on the HackerOne bug bounty platform
JSON
.